Professional Documents
Culture Documents
1. Scope
This procedure details the steps taken to review the eBusiness database logging via the
DBA_Audit_Trail table.
2. Procedures
2.1 Inputs
• Baseline spreadsheet
• Comma delimited activity file including SME designation
• PMP Generic and Shared Accounts
Example: Baseline Spreadsheet
Page 1 of 6
GDLS Sensitive – Not for distribution outside of GDLS
Printed copy valid for three (3) business days. See the process repository for current version.
Oracle eBusiness Database Monitoring Procedure Published: 12/16/2020
A comma delimited file will be emailed weekly to the GDLS SOC for reviewing
current database activity against the baseline spreadsheet for abnormalities.
Page 2 of 6
GDLS Sensitive – Not for distribution outside of GDLS
Printed copy valid for three (3) business days. See the process repository for current version.
Oracle eBusiness Database Monitoring Procedure Published: 12/16/2020
OS_USERNAME Operating system login username of the user whose actions were audited
USERNAME Name (not ID number) of the user whose actions were audited
TIMESTAMP Date and time of the creation of the audit trail entry (date and time of user
login for entries created by AUDIT SESSION) in the local database session
time zone
ACTION NOT Numeric action type code. The corresponding name of the action type is in
NULL the ACTION_NAME column.
ACTION_NAME Name of the action type corresponding to the numeric code in the ACTION
column
NEW_NAME New name of the object after a RENAME or the name of the underlying
object
ADMIN_OPTION Indicates whether the role or system privilege was granted with the ADMIN
option
SES_ACTIONS Session summary (a string of 16 characters, one for each action type in the
order ALTER, AUDIT, COMMENT, DELETE, GRANT, INDEX, INSERT,
LOCK, RENAME, SELECT, UPDATE, REFERENCES, and EXECUTE).
Positions 14, 15, and 16 are reserved for future use. The characters are:
• - - None
• S - Success
• F - Failure
• B - Both
Page 3 of 6
GDLS Sensitive – Not for distribution outside of GDLS
Printed copy valid for three (3) business days. See the process repository for current version.
Oracle eBusiness Database Monitoring Procedure Published: 12/16/2020
SES_ACTIONS Session summary (a string of 16 characters, one for each action type in the
order ALTER, AUDIT, COMMENT, DELETE, GRANT, INDEX, INSERT,
LOCK, RENAME, SELECT, UPDATE, REFERENCES, and EXECUTE).
Positions 14, 15, and 16 are reserved for future use. The characters are:
• - - None
• S - Success
• F - Failure
• B - Both
COMMENT_TEX Text comment on the audit trail entry, providing more information about the
T statement audited
Also indicates how the user was authenticated. The method can be one of
the following:
ENTRYID NOT Numeric ID for each audit trail entry in the session
NULL
Page 4 of 6
GDLS Sensitive – Not for distribution outside of GDLS
Printed copy valid for three (3) business days. See the process repository for current version.
Oracle eBusiness Database Monitoring Procedure Published: 12/16/2020
RETURNCODE NOT Oracle error code generated by the action. Some useful values:
NULL
• 0 - Action succeeded
• 2004 - Security violation
• 1017 - invalid username/password
• 28000 - account is locked out
EXTENDED_TIM Timestamp of the creation of the audit trail entry (timestamp of user login for
ESTAMP entries created by AUDIT SESSION) in UTC (Coordinated Universal Time)
time zone
PROXY_SESSIO Proxy session serial number, if an enterprise user has logged in through the
NID proxy mechanism
GLOBAL_UID Global user identifier for the user, if the user has logged in as an enterprise
user
2.3 Outputs
Item Description
VLOOKUP between Activity File and PMP U:\GDLS_Global Transfer\NON-Technical
File Data\Compliance\eBusiness Database Logging
Updated Baseline Spreadsheet U:\GDLS_Global Transfer\NON-Technical
Data\Compliance\eBusiness Database Logging
GDLS Security Incident Database https://thehive.gdls.com:9443
Page 5 of 6
GDLS Sensitive – Not for distribution outside of GDLS
Printed copy valid for three (3) business days. See the process repository for current version.
Oracle eBusiness Database Monitoring Procedure Published: 12/16/2020
2.4 Exceptions
None
3. Definitions
Term Definition
4. Appendices / References
Document Name Comments
Cybersecurity Maturity Model Certification Control Reference AU.2.042, AU.3.045
(CMMC) Ver.1.02
Security Incident Response Procedure
5. Revision History
Date Issue No. Comments Author Approved By:
12/11/2020 1.0 Final Draft L. North
J. Hand
M. Cruz
D. Blaine
G. Perez
Page 6 of 6
GDLS Sensitive – Not for distribution outside of GDLS
Printed copy valid for three (3) business days. See the process repository for current version.